Hi, everyone. Welcome to Okta's First Quarter of Fiscal 2027 Earnings Webcast. I'm Dave Gennarelli, Senior Vice President of Investor Relations at Okta. Presenting in today's meet will be Todd McKinnon, our Chief Executive Officer and Co-Founder, and Brett Tighe, our Chief Financial Officer. Eric Kelleher, our President and Chief Operating Officer, will join the Q&A portion of the meeting. At around the same time the earnings press release hit the wire, we posted supplemental commentary to our IR website. Today's meeting will include forward-looking statements pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including but not limited to, statements regarding our financial outlook and market positioning. Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance, or achievements to be materially different from those expressed or implied by the forward-looking statements.
Forward-looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors in our previously filed Form 10-K. During today's meeting, we'll discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. The reconciliation between GAAP and non-GAAP financial measures and a discussion of the limitations of using non-GAAP measures versus their closest GAAP equivalents are available in our earnings release.
You may also find detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our Investor Relations website. In today's meeting, we'll quote a number of numeric or growth changes as we discuss our financial performance, unless otherwise noted, each such reference represents a year-over-year comparison. Now I'd like to turn the meeting over to Todd McKinnon. Todd?
Thanks, Dave, thank you everyone for joining us this afternoon. We're pleased with the strong start to FY 2027. Consistent with recent quarters, our results were driven by strength with large enterprises, partner engagement, and contribution from our newer products. Underpinning this performance is the durability of our core business with the Okta and Auth0 platforms both contributing to steady momentum across our entire portfolio. That said, the number 1 topic of interest from customers to investors is Okta's AI strategy. Today I'll focus my remarks on how Okta is uniquely positioned to capture the AI opportunity. The future of technology is agentic. For Okta, this represents a tremendous opportunity and an even greater responsibility. Every AI agent inside an enterprise is a new identity. Today, AI agents are the fastest-growing identity in the enterprise, but also the least governed.
Okta helps bring agents under control by treating them as first-class identities that can be managed and governed by their existing identity management system. We believe over time, most large enterprises will have more agentic identities than human ones. This shift broadens the attack surface because every agent comes with credentials, privileges, and the ability to act on a user's behalf. In turn, this raises the strategic value of the identity layer because governing autonomous systems requires the kind of control, audit, continuous intent-driven authorization, and real-time enforcement only an identity platform can deliver. To help our customers confidently secure this shift, we're building on three unique advantages, each with powerful network effects: distribution, product breadth, and neutrality. Today, I'll cover all three, starting with distribution. Okta pioneered identity for the cloud era.
Over the past 17 years, we've built the most modern and comprehensive identity platform, which is now the identity system of record trusted by more than 20,000 customers. In the agentic era, identity becomes even more foundational. When a customer secures their agents with Okta, they are not taking on a new platform. They are extending the trusted foundation they already rely on with Okta. We've already seen how our customers benefit from this expansion in other parts of our business. Customers are finding value in Okta's unified identity system as Okta Identity Governance was once again the leading contributor among our new products. This distribution flywheel is evident in our results. Our new product portfolio represented approximately 25% of Q1 bookings, a meaningful increase from Q1 last year. We see a 40% ACV uplift when new products are included in a deal.
The same customers who trust Okta for workforce and customer identity are extending that trust into agent identity. Our second unique advantage is product breadth. We are the only vendor with solutions that address both sides of the agent security problem. Okta for AI Agents, which became generally available last month, gives enterprises a single control plane to discover, govern, and manage agents across their organization. It is the first and best implementation of the blueprint for the secure agentic enterprise, an industry framework for bringing agents under control by answering the three questions that have dominated my customer conversations over the past several months. Where are my agents? What can they connect to, and what can they do? Enterprises need to maintain visibility and control over their sprawl of agents, ensuring they have governed identities, consistent access policies, and ways to shut them down to secure every agent end-to-end.
Okta provides customers with centralized visibility into agents with identity governance capabilities, including ownership assignment and lifecycle management, while giving IT and security teams critical security controls to deactivate rogue agents. For developers building AI agents, Auth0 for AI Agents provides the identity foundation to ship secure agents inside their products. Auth0 for AI Agents secures agents, APIs, and users effortlessly for B2B, B2C, and internal apps, all backed by the enterprise-grade auth they already trust. In tangible terms, pipe generation in Q1 was strong, driven in part by these two new products. The third unique advantage is neutrality, which is more important than ever. The AI landscape is evolving rapidly. Customers need an identity solution that frees them to choose whatever technology serves their business best without fear of vendor lock-in. As the leading independent and neutral identity platform, Okta gives organizations the flexibility to do exactly that.
In the same way enterprises run workloads across multiple clouds, they are deploying agents across various platforms like OpenAI, Anthropic, Google, Microsoft, Salesforce, and a growing set of open source frameworks. Managing and securing an autonomous workforce requires a neutral, independent identity layer that others can't provide. In practice, cloud providers, model providers, and agent platforms are partnering with Okta to securely manage agent identities as they continue to proliferate across the enterprise. Okta is the only modern identity platform purpose-built to sit above the agent ecosystem, and it federates with whatever identity provider a customer runs. That means the opportunity for Okta for AI Agents is not limited to our existing workforce customers. It extends to every enterprise with a multi-platform AI strategy. These three advantages are unique and mutually reinforcing.
The more organizations use Okta to secure their agents, the more identity signals flow into our platform, the stronger our governance and detection becomes. Our neutrality allows us to secure current and future agent frameworks for customers, allowing Okta to capture more of the addressable market. Neutrality becomes even more important when it comes to technology partnerships and integrations. Like the traditional cybersecurity landscape, no single company can address the agentic security market alone. That's why we've partnered with AI leaders, from ISVs to hyperscalers to frontier AI vendors, and I'd like to highlight a few of those partnerships today. We've entered into a partnership with ServiceNow that integrates their AI Control Tower product with Okta for AI Agents. Our partnership with Google brings centralized identity governance and access control to Google's Agent Gateway.
Okta for AI Agents now integrates with Amazon Bedrock AgentCore to provide customers with identity governance capabilities for their agents. We were a launch partner for OpenAI's release of GPT 5.5 Trusted Access for Cyber. Finally, we're collaborating with Anthropic in a number of ways, from testing Anthropic's Claude Mythos preview model as part of Project Glasswing to a new integration between Okta Identity Security Posture Management and the Claude Compliance API. It's still early days, but the agentic era is fundamentally transforming how we deliver success for our customers. By leveraging our unique advantages, great products, deep partnership, and industry expertise, we are well positioned to help customers thrive in this fast-moving landscape, which will unlock a new growth vector for Okta.
To wrap things up, FY 2027 is off to a strong start as we look to build on our momentum as we move through this year and beyond. I want to thank the entire Okta team and our loyal customers and partners who put their trust in us every day. Now, here's Brett to cover the financial commentary.
Thanks, Todd. Thank you, everyone, for joining us today. The investments we've made in product innovation, our go-to-market team, and partner network are yielding tangible results. We're pleased with the strong start to FY 2027 and are confident we're on the right path to accelerate the business. My commentary will provide insights into our Q1 performance and then move into our outlook for Q2 and FY 2027. I'll start by highlighting the strength we saw in our go-to-market performance. As a reminder, at the beginning of Q1 last year, we further specialized the go-to-market team into Okta sellers, addressing security and IT buyers, and Auth0 sellers, addressing developer buyers. The teams are now fully settled into place, allowing us to start this fiscal year with far less change.
The stability of the sales team, coupled with strong execution, led to positive go-to-market KPI improvements, including increased sales productivity, strong pipeline build, and low AE attrition. We're also seeing the investments we've made in our partner initiatives take root as partner source bookings experienced a meaningful increase, including multiple million-dollar-plus deals in Q1. Moving on to our balance sheet and capital allocation. We had another strong quarter of cash flow in Q1 and ended the quarter with a very healthy balance sheet consisting of approximately $2.6 billion in cash equivalents, and short-term investments. Next month, our convertible notes reach maturity, and we will settle the remaining principal amount of $350 million in cash. Over the course of Q1, we repurchased and retired just over 3 million shares for a total cost of $241 million.
$680 million remains under the $1 billion repurchase program that we launched in January as we look to take advantage of what we believe to be an undervalued share price. We continue to regularly evaluate Okta's capital allocation priorities to ensure we're well-positioned to deliver sustainable long-term value to shareholders. Let's turn to our business outlook. Our guidance philosophy is unchanged as we continue to take a prudent approach to forward guidance. For the second quarter of FY 2027, we expect total revenue growth of 9%, current RPO growth of 11%, non-GAAP operating margin of 26%, and free cash flow margin of 20%-21%. For the full year FY 2027, we now expect total revenue growth of 9%-10%, non-GAAP operating margin of 25%-26%, and a free cash flow margin of 27%-28%.
As I called out last quarter, the FY 2027 revenue guidance includes about a one point impact related to a strategic decision to shift more of our professional services business to our partners, specifically global systems integrators. This change will result in lower professional services revenue and is expected to start to materialize in Q2. The FY 2027 free cash flow margin guidance includes about a one point impact related to lower interest income due to the combined impact from the stock repurchase program and our intent to settle the remainder of the 2026 notes in cash. To wrap things up, we're optimistic about the trends we're seeing in the business. We've been disciplined with our cost structure while investing for growth, putting Okta in a great position to extend our leadership in identity security.
We've demonstrated exceptional leverage in our model and are positioned to deliver profitable growth for years to come. With that, I'll turn it back to Dave for Q&A. Dave?
Thanks, Brett. I see that there are already quite a few hands raised, and I'll take them in order until the top of the hour. In the interest of time, please limit yourself to one question. With that, we'll take the first question from John DiFucci at Guggenheim.
Thanks. Thanks, Dave. Thanks, everybody. Nice job, you guys. Really nice to see. I guess I have a couple. I'm going to have one, Dave, and it's going to lead into what Todd was talking about with AI. It's not one I like to ask usually, but I think based on our work anyway, you guys have done a great job of gaining AI mind share among the channel. The channel is talking about what a good job you're doing that and getting in front of customers. We realize it's still early. Can you talk about how this is materializing in the market? Are customers actually at the point where they're actually securing agents yet? Are they just talking about it, or are there a lot of them that aren't even really doing that and you're trying to make sure you're in front of it? Thanks.
Hey, John. Let me set the stage for you out there. I've spent the last 6 months, I'm on this goal to talk to in-person, face-to-face with our top 100 customers, about 75 customers in. When you mix that with a bunch of other conversations, here's what's going on. Everyone is deploying agents in some way, shape, or form, but they're really just starting to think about and put in programs in place to lay out the rails of governed, managed adoption. A concrete example is you'll have a development team that is using Claude Code, but it's connected to GitHub and their Jira system with static tokens in the local developer box. That company is using agents, but they've really done it in a haphazard, non-secure way. What's happening now is they're figuring out those rails.
They're figuring out how they're going to have secure connections, have a system to monitor where all the agents are, have the ability to support it from multiple platforms. That's why you're seeing the record interest and the record pipeline for what we do with Okta for AI Agents and Auth0 for AI Agents. The reality of these products, it's still early. They're not materially contributing to the business in Q1. In fact, we're still being prudent in our guide. They're a little bit in the guide, but not significant in the guide. It's going to be big. We're pouring a lot of R&D effort into this and focused on it. The interest is super high, unlike anything we've ever seen. I think it's because we've focused on it. We have a good story and good thought leadership, as you mentioned with the channel.
I think another big reason is that it's ours to win because they're used to looking to us for trusted infrastructure that they use to connect their employees and their customers to all these resources. It's very natural to say, Who can really manage these connections and give me these governed rails for all these secure connections, where my agents are, what they're doing, what can they do? It's a natural fit for us. I think as they build out this infrastructure, we're in this really great position to have this be a super meaningful part of the business and TAM over the next several quarters and several years, and that's why we're working so hard to take advantage of it.
Todd, that all makes sense. If you could just, in this same topic, when do you think this will start to happen en masse? Like I said, you're out ahead of it.
Well, one thing that's already happening is that we're already starting to get pull-through in the sense that these agentic AI conversations are raising the strategic importance in many of our customers' eyes of what Okta is. Beyond just workforce access management to this really, hey, these guys could be this broad platform across governance, privileged, posture management, identity security, identity infrastructure, and that is having impact. That is in the numbers now. If you look at our 12% revenue growth, you look at net retention inflecting up to 107, a CRPO of 12, that's being driven by Okta being put in a more strategic light because of this thought leadership in AI, and that's going to continue throughout the year as well.
Great. Thanks a lot, Todd.
Thanks, John. Next up, let's go to Brian Essex at JP Morgan.
Great. Thanks, Dave, and thank you for taking the question. I wanted to follow up on John's question a little bit. Todd, would love to know from a macro and spending perspective, we heard beginning of the year, I think there was a little bit of caution around IT security budgets, and then we started hearing about security getting access to budgets outside typical budgets, whether it's marketing budgets and so forth. Now we're starting to hear about panic or incident spend now that Mythos has come out, Glasswing, which you mentioned, I think CIOs a little bit fearful of how the threat environment might accelerate. Could you tie that back into what you're seeing for demand and access to IT budgets? Are you getting that incremental spend? Is the panic around the threat environment a headwind to your sales cycles, or are you benefiting from it?
Would love to just get what you're hearing from customers.
When we talk to customers, they're cyber professionals, and they're entrusted with keeping their organization secure. Any kind of intelligence they can get, any kind of edge or information, whether that's something on the dark web or that's some new model, they're all over it. There's ton of energy around getting access to Mythos and Glasswing and OpenAI's new model. They're very interested in that. That being said, I think the world and the population has extrapolated that from thinking that they're panicking and changing their priorities. That is not true. I think what it's doing is everyone is reinforcing the fundamentals. They know what they have to do. There's been zero days forever. Now there's going to be more, and we can debate how many more. They've known what they have to do.
They have to have a good zero trust environment. They have to have solid identity. They have to make sure they have a patching process. They have to make sure they have visibility. I think what I'm seeing is that boards and CEOs are saying, "We know this agentic thing is real. We got to put the guardrails in place for that, and we know that security is real, and we're going to spend money on that." The reality of it, Brian, is that it's the fundamentals. It's identity. 80% of breaches go through identity, and you know you have to patch your systems. You know you have to have a good multi-layered defense and zero trust so you can defend from multiple ways.
I think that's why we're so well positioned to be that key identity platform in an unmatched array of products that no one has. No one has governance, PAM, identity infrastructure, identity security, agentic story. That's why we're really excited about what's going on.
That's helpful. Are you seeing that materialize in accelerated sales cycles, or is this more of a conversation?
I think this return to the fundamentals and knowing you have to fix your fundamentals is helping the identity market and the identity security market. I don't think it's necessarily showing up in agentic identity yet. That's still early.
Yeah.
It's accelerating the importance of investing in your identity infrastructure and your identity security.
Makes a lot of sense. Thank you.
Great. Let's go to Todd Weller at Stephens.
Thanks. Todd, question for you on agentic. If you laser into kind of the runtime authorization and policy enforcement area, could you kind of provide some details on Okta's role in that layer? Then how you interplay with some of these embedded capabilities we're seeing in the hyperscaler and agentic AI platforms.
Yeah. Sometimes it's all moving so fast, and everyone's got their release and their announcement, and everyone kind of says the future of agentic is centered around what they traditionally have done, right? It's a little bit hard to pull apart. Here's what Okta does, and it's very much a key part of what is needed, and that is we connect traditionally as people to resources, whether that was the apps you need to do your job, whether that was the apps your customers wanted to browse on your website or mobile app. Now it's very similar with agents. We tell you who your agents are. There's a directory of agents. We can scan multiple platforms and multiple systems and give you that source of truth of where your agents are, and we can help you set a policy on what they can connect to.
Agents can read this from Microsoft Teams, and they can read this from Slack, and they can read this information from Snowflake, and they can read this from GitHub. It's like single sign-on or access management. All the protocols are different, so it's a new product capability, and the way agents are built are different than some of these other apps are built. It's a new set of capabilities, but at a high level, it's the same thing. You mentioned this last part, which is really key, which is once you can get into these systems, what can the agent do? What types of data can they see? Is it read only? Is it read/write? How does it work? We can lay that authorization.
Actually, we can surround the agents with an authorization layer that will control what the agents can do without having to go into these large enterprises that we're working with, the FedExes, the Dells, the biggest companies in the world. They have thousands of applications, and it's not realistic to go require the customer to rewire all these applications to set up their agents. We can surround the agents with an authorization layer that does that in a very scalable way. It's detecting agents, controlling how they can connect to things, and then what they can do in there. There's a few fundamental truths, right, that are going to play out, I think. One is that they're going to get agentic capabilities from many, many companies. They're going to have different platforms. They're going to have hyperscaler platforms. They're going to have foundation model platforms.
They're going to have open source platforms. They're also going to get agentic capabilities from apps. Salesforce is going to have their, Workday is going to have their, ServiceNows and on and on. Everything is going to have agentic capabilities. We know they're going to have to have a directory of these things, a roster of these things, a policy layer, and they're going to have to make sure they can connect to things. We're seeing our customers, it's a kind of a no regrets move to pick this independent and neutral identity layer that can solve those fundamental problems without locking them into, hey, you got to be all AgentCore, or you got to be all Agent 365, or it's Agentforce. They want flexibility and choice across multiple things.
Thank you.
Okay, let's go to Eric Heath at KeyBanc.
Thanks, Dave. Congrats, everyone. Todd, just to stick with the theme, I wanted to ask about the pricing strategy for AI Agents and understand everything's early, so just curious to get your perspective on where the market is in terms of figuring out how we're going to price these things, and then just any update you might be able to share on the uplift you're seeing from AI Agent deals at this point. Thanks.
One of our advantages is that we have 20,000 customers. The way I've organized the team to attack this opportunity is all around focusing our strategy and our product roadmap directly informed by active customer conversations. We have an AI takeoff team that's out there having hundreds and hundreds of conversations with our customer base, figuring out what they are actually going to do with these agents today. What are their challenges today and tomorrow? It's very informed by what the customers actually are doing, planning to do. I tell the team, in this area, there's so much hype and so much noise. There's a big risk of science experiments, building things that maybe aren't super useful that sounded like a great idea. Our approach is very pragmatic and focused on the real requirements.
The way we've done pricing for our products is exactly in line with how our products have been priced in the past. They're priced on, it's an uplift to a named user, or it's an uplift to a monthly active user. You might say, "Hey, Todd, agents are this new thing, and why are you pricing them on an active user or a named user price?" That's for two reasons. One reason is that's the way customers want to consume it right now. Two, the majority of concrete use cases in the world right now for agents, it's on behalf of a user. It's an agent working on behalf of a software developer. It's an agent working on behalf of a support rep. It's an agent working on behalf of someone in accounting.
It's very natural with how they want to buy it and how they're actually being used. It's an uplift on a named user, and it's an uplift on an active user. We fully understand that that's going to evolve, and there will be more autonomous agents that have to be priced not by user base or not an extension of user. The unit has to be the number of agents. It's a little bit tricky because it's very hard to define the number of agents, because some person might say, "Oh, I have 1,000 agents," but it's really kind of 1,000 copies of the same agent or 1,000 instances of the same agent. In other cases, it might be literally one instance of an agent acting for many different use cases.
The industry is kind of figuring that out, and we'll figure that over time how to monetize and price that now. Right now, we're pricing for market share and reducing friction in how customers want to buy, and we think that's the winning strategy.
The other thing, Eric, I would just add around your question around uplift and how that's going, the average deal size for these AI-specific deals is significantly larger than the average deal size for the rest of the company. We are seeing a good uplift. Look, we're still early, so that has the potential to change, but the early signs are these deals are quite sizable, and that's one of the reasons why we're optimistic about the opportunity in the long run.
It's a different strategic conversation with customers, where you're talking about we're going to be the backbone for your agentic control plane, and we're going to also do your customer identity and your employee identity versus, "Hey, we want some tactical multifactor authentication thing to pass an audit," and it's maybe done lower level in IT. It's a whole different type of conversation we're in, and that's really driving a lot of this positive momentum in the business.
Appreciate that. Thanks, Todd, Brett.
Okay, next we'll go to Adam Tindle at Raymond James.
All right. Thanks. Todd, you mentioned a building pipeline on AI. I wonder if you might help with the size of this, maybe relative to other products in the past, or maybe a different way to ask that to Brett would be to.
The pipeline's bigger than anything we've ever seen.
Yep. Very clear.
No, it's like we don't get paid for pipeline.
Very clear.
It's not a pipeline problem. It's how can we execute on turning this pipeline into real dollars? The reality is, the AI agent products didn't materially contribute to Q1. There's a little bit in the guidance, but it's heavily discounted, being pretty prudent there. We're optimistic. We vote with our dollars, and we're investing a lot of R&D in these products, and if you just look at what is needed in the world and thousands and thousands of customer conversations, the need is there, and customers are going to lay down these rails. They're going to lay down these rails of security and identity for their agents, and we're there to convert that pipeline as soon as we get the opportunity.
I see it in Brett's guidance as about 100 basis points above where he would normally guide to Q2 based on the past couple of years, so I can see some of that. I guess the other part of my question I wanted to ask was the difference between AI for agents in Auth0 versus Okta, the two different platforms. Maybe just help us to appreciate the technology aspect of that. Is there a big difference in size of pipeline between the two? Is one materializing faster than the other?
They're both healthy. The Okta pipeline is bigger. I think that's because it's a little bit of I think the companies that are figuring out how to manage and deploy internal agents are further along than people building agents into their products and into their websites. I think that they're both going to be big opportunities over time.
Thank you. Congrats.
All right. Let's go to Josh Tilton at Wolfe Research.
Hey, guys. Thanks for sneaking me in. Maybe I'll call it a two-parter so Dave doesn't kill me. The first one is just really strong short-term bookings. I think some of the strongest we've seen in a while. How durable is that growth? Just maybe my second part, completely unrelated to anything we've talked about so far on the call, but it kind of stood out to me in the prepared remarks. Large customers represent 85% of ACV now. I think you guys used to call out 80% of ACV. Maybe just help us understand what's driving that mix shift there.
Yeah, I can take the mix shift, Todd, if you want to take the first one.
Yeah, for sure. You want me to talk about short-term bookings or-?
Yeah. Absolutely.
Yeah.
I can get into it too as well. To Pete.
Yeah, I think that the performance in the business that we think is very, very durable. If you look at the, it's particularly the AI landscape, I was having dinner with a bunch of CEOs of companies, different sizes, and everyone's super worried about their spend and their products and their revenue and their products being not durable because it's token spend, and they worry about the products being used, and then maybe someone's going to look at the spend and stop spending the token spend, and we don't have that. This is critical infrastructure. Whether it's just core identity, infrastructure for people or for customers. It's like good news and bad news. The bad news about identity is it's pretty hard to put in place, and it's pretty hard to change, so it takes longer than some of these other categories.
The good news is that once it gets in, it's sticky, and you're not going to take it. As long as you keep innovating at a reasonable level, you keep good customer relationships, you're going to have a very profitable long-term relationship. Yeah, we're very confident in these trends of the business that are durable and sustainable and in a lot of ways with what's going to happen in this AI wave just getting started.
One of the things I'll add to the durability comment as well is, in our results for the quarter one, we reported that our new product inventory overall accounted for 25% of our bookings. While we're not yet seeing a material uplift specifically from our AI products, given that they're newer to market, that's continued growth and trend in the diversification of our product portfolio, and Todd talked about that today in his opening comments. Customers are continuing to look for us to solve the breadth of use cases they have across all their technologies and all their stack. Knowing that Okta's going to continue to be the neutral identity provider growing from access management through governance, and we continue to have a great quarter for our governance portfolio and into privileged access. We had some great wins in the quarter for privileged access as well.
All of that is continuing from a durable momentum basis. As Todd indicated, the additional products now entering the mix with Okta for AI Agents and Auth0 for AI Agents provide further upside to that. We're very optimistic on the durability of the results we saw for Q1.
Yeah. Okay. I'll answer a little bit of the first and the second question, actually. Josh, I would say in general, if you looked at Q1, the strength across the quarter was fairly broad-based. For Q1, usually Q1, as you guys all know, is seasonally our lowest quarter of the year, right. If you look a lot of the metrics in Q1, they were quite healthy, whether it's the pipe gen, whether it's the bookings number, whether it's the AE attrition, the AE productivity. Across the board, it looked pretty good for a Q1, which we're really pleased with, which is why you hear all the optimism in our conversation today and the prepared remarks, and you see it in the numbers, frankly. I think it's very exciting from that perspective.
In terms of the 80%-85%, it's something simply we've been working on very hard over the last few years. We've talked to you a lot about large customers, right? We've talked about the investments we've made into those large customers and getting more large customers, it's really the result of the hard work that we've been doing over the last few years. You can see it in the $100K, which is your top greater than $100K. You can also see it in the greater than $1 million customers. Obviously, that was growing quite nicely in the quarter as well. I think it's just the result of our hard work. If you look at our strategic initiatives this year in FY 2027, large customers is on the top of the board as well, right?
AI and large customers are really the two of the main four on the board that we've talked with you guys about in the past. It's not hugely surprising the numbers are what they are because of all the hard work we've been doing over the last couple of years, so hopefully that helps, Josh.
Very helpful, guys. Congrats again.
Hearing that commentary, one thing I want to throw out there is that the large enterprise opportunity, we're still relatively early. We've done really well in the mid-enterprise, and we have a lot of opportunity still in the Global 2000. It's paying off, but we still have a lot of upside there as well.
In addition to all that, we also haven't talked yet about the fact that we had a great quarter in PubSec, in our federal and state public sector business as well. Across the board, we're very bullish.
Okay, we'll take the next question from Roger Boyd at UBS.
Great. Thanks, Dave. Todd, in your prepared remarks, you talked about Okta's ability to sit above the agentic ecosystem and that Okta for AI Agents is not necessarily limited to your existing workforce customers. I guess, are you seeing your thought leadership and the conversations you're having with customers around agentic identity starting to influence broader identity deals, or create bigger competitive wins down the road?
I think we're definitely seeing that. We're seeing that the products we've offered for AI agents and this blueprint, this vision we have for the industry and AI agents, is raising the strategic level of conversations, which is pulling in other products and helping us displace legacy faster and sell more of our existing products and our newer products into new customers and the base than we would be otherwise. I say that because to make it clear that the AI agent products, it's still a material, their contribution, with Okta for AI agents going GA in April. They had a good quarter, but it's still small base, so the pull-through is real already, though.
Great. Thank you.
Yeah, we'll go to Peter Levine at Evercore.
Great. Thank you, guys. Maybe for you, Eric, just to kind of piggyback off the prior question. You've been talking about, I think, Todd, your prepared remarks, 25% of bookings. Maybe just talk about IGA, PAM. Are these competitive displacements versus greenfield opportunities? Just curious to see how much of your IGA product today are you seeing customers attach as a standalone, similar to the privileged access product. I know that's not as mature, but you're really seeing a lot of traction with IGA. Just curious what you're seeing from a competitive displacement versus greenfield, and are you getting net new customers coming in, buying these products?
We are, and thanks for the question. The reason that I made that comment to the prior is I didn't want the breadth and success and continued momentum with governance and privileged access and the rest of our portfolio to get drowned out with all the conversation we have about our AI products. We're very excited about our AI products. Governance continues to be a strength for us. We talked over the past couple of quarters about how governance has evolved from being primarily a cross-sell add-on product to also now being a land product. We are seeing sizable land opportunities starting with governance at some companies that are displacing systems that they've had in place. We're very excited about the enterprise readiness and robustness of our governance product in the real-world deployments.
We have some very large customers, including Fortune 100 customers, who are consolidating all of their identity use cases onto Okta, including governance and including privileged access, and we're very excited for where we get to. As you mentioned in your comment, privileged access is further behind governance on that maturity curve. It came to market a little bit later. We're continuing to invest heavily in it. We did an acquisition back Q3 of Axiom Security to add capabilities to that, and we're continuing to invest in that breadth of portfolio, kind of rounding out the identity security fabric in addition to all the momentum that we're seeing with our great success in the AI product. We expect that new product portfolio contribution to continue in future quarters and not be limited to the conversation we're having about AI.
Great. Next up, we'll go to Shrenik Kothari at Baird.
Thanks for taking my question. Among the enterprise partnerships that you announced, and given your strand, the ServiceNow AI Control Tower sounds really interesting, especially because we have heard ServiceNow is definitely becoming a workflow governance layer for enterprise AI, already beginning to monetize it. Can you walk through the partnership dynamic? How is that progressing, or how do you envision Okta reaching then customers and budgets earlier in this AI governance process? As you said, there's a lot of players out there. Just as a quick follow-up, also tying to your earlier comments, are these strategic partnerships also where, because you mentioned identity is being pulled into broader identity or workflow transformation programs instead of now standalone, is it something which is showing up in these kind of partnerships?
ServiceNow is, as you mentioned, super interesting. Their product strategy is they want to be the control tower for all AI agents. What they were really interested with Okta was this kill switch capability. When agents go awry and agents aren't following the policy, how do you shut them down? That can mean a lot of different things. That can mean actually stopping the running of the agent. That can mean quarantining the agent at a network level. There's many different strategies. The one thing we do really well, and that they wanted from us, is the ability to sever the connections, the access tokens, the actual logical connection at the authorization layer to the back-end resources, and we're really good at that. That's kind of the core of our product. What can these things connect to? What can they do?
Everyone's trying to figure out who's going to be the winner, who's going to be the losers, and how is the competitive dynamic going to play out. I think there's going to be way more working together than people think. We're really excited about our conversations with Amazon and their AgentCore, ServiceNow, Agentforce from Salesforce. The message from customers is clear. They want this identity layer and this connectivity layer to be independent, to give them more flexibility, and I think the industry is coalescing around that, and we're leading the way there.
What I would add to that, Shrenik, is this is something Okta does really well. We talk a lot about the importance of neutrality and our philosophy that we want to meet our customers where they are with the technologies that they're deploying within their companies, and we want to make sure that we provide the identity control plane across all of their use cases and all of their vendors and all of their stacks. You'll see just with our highlights from this quarter, we're really engaging with and partnering with all the major platform players that are active in the space right now. That's, one, because our customers require it, and it's important for neutrality, and it's two, it's something Okta's been really good at throughout our history. We are an integration company.
We have over 8,000 integrations for our core products through the Okta Integration Network available today. For us, expanding those integrations with the active providers who are gaining traction right now in this time is something that's very natural to us and something we expect to continue as these tools are evolving. As you all know, the landscape has been very dynamic with different vendors leapfrogging each other. We expect to be partnering with all of them going forward as well.
Awesome. Super helpful. Thanks.
Okay, we'll go to Yun Kim at Loop Capital.
All right, great. Thank you. On Brett's earlier commentary, that average deal size when AI products are included is much larger than regular non-AI deals, I am assuming that the actual AI deal itself is small, and it's still very early. Is the larger deal size mainly driven by customers adopting Okta as a platform, as they adopt AI security solution? In that way, is your AI agent, in a way, driving the customers to adopt Okta more broadly, and is there a specific go-to-market or a push to do this when a prospect is showing interest in your AI agent product?
To be very clear, and I'll let Todd or Eric comment on the second part of it, but the AI product itself, what I'm talking about when I say the average deal size, that I'm only talking about the AI line on the deal. I'm not talking about the broader deal. It's a very sizable deal just for the AI products themselves.
Wow.
You heard Todd talk about earlier about how we're getting this concept of pull through, which is exactly what you're mentioning, which is AI is part of it in some of these deals, but also it's forcing customers to modernize their tech stack to be able to look at identity and really examine it and make sure it's working for them. That helps the other side of the platform as well. Just want to make sure that was clear, and Todd, you can add anything I might have missed, but that's the general idea of that just the line item itself is a pretty large line item at this point. Granted, we're still early on, potential for it to change, but right now it looks pretty good.
Yeah. In the early days, it's early days for Okta for AI agents and Auth0 for AI agents. As we scale it up, as we kind of convert this record pipeline, it's about doing more deals. It's not actually about doing bigger deals. The deals are big, which is a little bit different actually, than other new product. Even governance four or five years ago was the initial deals were small, then they got big, then we did more of them. This one is, they're already big. We can do more of them.
Okay, great. Looking forward to the progress. Thanks.
Sure.
Just one additional comment on this. It ties back to a couple of the questions we had from earlier in the session, questions around budget durability for customers. This is one of the reasons that the deals are big and one of the reasons we've had great momentum and success with the hundreds of enterprises we're engaging with, and one of the reasons our pipeline, we feel very strong about our pipeline, as Todd mentioned, we haven't seen a pipeline like this for a new product ever. All of that is because of some of the statistics we shared in the opening video, which is customers have a problem today. They have a problem today where over 90% of them have agents in production, and only 22% of them are confident that they have them governed. That is a real problem.
It's a measurable, quantifiable exposure customers have right now within their companies, and they need to invest to fix it. We are working very hard at Okta to meet them at that need to make sure that we've got the products that are going to help them address that exposure. We're very bullish about being able to continue that as we help more and more of our customers become what we call the secure agentic enterprise.
Great. Next up, we're going to go to Junaid Siddiqui at Truist.
Great. Thanks, Dave. Todd, the role of the model providers is hotly debated within cybersecurity, even though it's early days. To what extent is your participation in initiatives like Project Lastline and Trusted Access for Cyber translating into measurable improvements in win rates or competitive positioning? More broadly, how do you see their role evolving in the broader cybersecurity landscape?
That's a really good question. I don't think these partnerships have moved the needle yet in real customer conversations. I think we have such an interesting vision, and our blueprint is so helpful for customers. That's what's driving it. I do think we need to partner with everyone, including the model providers, because they're going to be providing platforms and agentic scaffolding and infrastructure, and we're going to fit well with that. We're going to make sure that we can take that from a model provider or from an app company or from an infrastructure cloud and make sure it can help the customer answer these questions. Where are my agents? What can they connect to, and what can they do when they do connect?
I think in terms of the model providers, how they're going to play in the broader cyber ecosystem, it's going to take a village. I think we've seen that in cyber forever. I think consolidation in cyber never seems to work. It always seems to be gets to a certain point, and then new threats emerge, and the companies that are trying to consolidate cyber have such a hard time integrating amongst themselves. It kind of fractures apart, and I think that'll continue. I think cyber and the agentic world is going to take a village, and we're going to have to make sure it's integrated together and make sure we have layered defenses. That's why I think it's really healthy to be coming into this conversation with this open mindset of, "Hey, we have our lane.
We're going to try to provide the best identity foundation in the world, and then connect around that in a standard way that helps customers get great outcomes.
Great. Thank you.
All right. Let's go to Fatima Boolani at Citi. Fatima, are you on? If not, we're going to go to Gray Powell at BTIG.
All right, great. Thanks for taking the questions. Yeah, congratulations on the results. It's good to see. Maybe just sticking with the AI topic. In RSA this year, the messaging from just different identity vendors on agentic security, I have to admit, it all sounds pretty similar. Everyone's talking about some form of agent discovery, guardrails, identity governance, and a lot of the CISOs that we speak to are just, well, they're confused. I understand you have strong relationships. I guess my question is, how does Okta cut through the noise in the market, differentiate yourself, and get to the people that are actually in charge of making decisions?
The first reason, that's why we wrote this blueprint, Gray. People want a blueprint. In fact, it was based on a customer conversation I had. This guy, he was a great customer of Okta, and he'd been in the valley visiting a bunch of companies, and he said the same thing you said. He's like, "Todd, I don't know what you're saying. You're all saying the same thing. It's like you should come up with a blueprint for us." I said, "That's a great idea." That's why we made this blueprint, and it kind of tries to define the swim lanes. It's been really well-received, and it kind of makes it very clear that there's a bunch of stuff we need to do. Here's the different roles, and here's the different ways to do it, and here's what Okta's doing.
Yeah, that's one way, and the second way is just customer traction as we get customers live. We keep saying that the agent products are just getting started, but there's still many customers on them going live. Once that happens, that's going to be very valuable, that we're going to tout those stories and make sure everyone else in the world knows about them, and that's how you set standards, and that's how you go from a blueprint and a concept into actionable implementations that people can pivot off of and have their own success. That's the plan.
Like I said, it comes down to, I believe strongly that the reason why we're seeing so much pipeline and early momentum is it's partly because, like I said, we have a good product and a good vision, but it's also because we're in the right position, and people give us the credibility to do this, that we've been connecting people to all these resources in a way that's scalable and neutral. The agentic problem is pretty similar. I mean, it's different protocols and how they speak, and some of the development tools are different, but conceptually, they think of it in the same bucket, which puts us in a good position, I think.
That's one thing I was going to highlight as well, to your point, Gray, about how we cut through the noise, is the first point that Todd talked about in our differentiation is our distribution and our footprint right now with over 20,000 enterprises that already trust us as their provider to secure identity for their humans and their service accounts. For those conversations, these customers are going to look to us first as the natural partner for them as they think about how they secure agents in their model as well. We've really had very engaging conversations across the board on this. Because we're responding so directly to what we're hearing these customers need, we've had great success in turning that into pipeline. That's why you hear some of the commentary we're sharing today.
All right. Thank you very much. That was really helpful.
Okay, I see Fatima back. Go ahead, Fatima.
Thank you so much. I apologize for the kerfuffle earlier. Todd, this question is for you. It's a strategic question. I know you've made the choice to offload professional services to some of your GSI partners, but it's an interesting dynamic we're seeing in the broader cyberspace and even with larger tech companies that are actually leaning into services on a more direct basis. I'm wondering if there's still an opportunity for you to maybe take a more strategic and architectural stance as it relates to building and defining strategies around agentic identity, cybersecurity architecture. Just curious about that sort of dichotomy because you've decided to step away from it, but all your peers are kind of leaning more into it.
Yeah, it's the great irony of our industry right now, that we're going to automate all the jobs except for the forward deployed engineer. We need people to do that, right? Our services team is evolving into that architectural, giving the overall high-level consulting and helping the GSIs get enabled to do that and then do that on their own. That's exactly where we're going. Think about it as we're not getting rid of our services, we're repurposing them so they can be in this architectural, consultative type role, and then the GSIs can help us just get the scale.
Overall, there needs to be way more capacity to do Okta work in the world, and then we need to improve that and increase that, and that's what this move is trying to facilitate that, while at the same time, making sure the thought leadership and the architecture and the strategic stuff can still be done by the core of our team here.
Keep in mind it was a decision to try to get the partners sourcing more business for us. If you remember some of the comments we had earlier, we talked about partner-sourced ARR in Q1 did really well, and partner pipe gen in the quarter also did really well. Yes, it's only one quarter. Let's not get overly excited one way or the other, but it's a nice first data point for us to suggest that this strategy is the right strategy to go down the path of. Obviously, we'll update you guys as we go through the balance of the fiscal year, but that was also another reason to do this, and we see these early data points that are suggesting that it was the right decision.
Just one clarification for the way you framed that question is we wouldn't describe it as we're stepping away from services. As Todd mentioned, we are focusing on exactly that high caliber work that you described with our customers and partnering with the GSIs to give us the scale, as Todd mentioned. We're very aligned with the scenario that you identified.
I appreciate that. Thank you.
Okay. Next, we're going to go to Gabriela Borges at Goldman Sachs.
Hey, good afternoon. Thank you. I have a different Project Glasswing question. Todd, when you and your R&D team, when you get a hold of some of these next generation models, what are you doing internally, either from a vulnerability management standpoint or from an R&D roadmap standpoint? Brett, the follow-up here is how do you put the right guardrails on your inference costs such that you don't find yourself spending on tokens inefficiently? Thank you.
Yeah. We're like everyone else. We're using these models, we're testing our own stuff. I think what people miss is that. There's a lot of zero days out there, and we may debate how many more we find with these new models, but it's not taking the number from zero to 10. It's not zero to one. There's many out there, and so everyone has to have guardrails in place, and everyone has to have capabilities in place to defend, fast patching, multilayer defense. We're no different. We're putting those guardrails in place in our products and our processes, et cetera. The cost thing you're talking about is real, the inference costs and the AI tooling and what it's driving in terms of expenses.
I think you're going to see at Okta over the whole industry over the next 6 to 12 months, you're going to see a little bit more scrutiny in terms of ROI. What are you getting from all this, the inference costs you're spending? How is it translating? Which is not surprising given the amount it's rising across the industry. We're going to come out the other side with a more balanced ROI-driven investment portfolio of how we spend these things. We're optimistic about how it's going to work out very well for us.
I would just add that I remember the number one thing we've talked about for years is become one of the most secure companies in the world, right? It's still priority number one, and this is just another tool for our security teams to try to achieve that goal, right? Just like Todd was saying, we're going to prioritize it and develop an ROI and all that good stuff like any other investment, but it is still in service of that goal of becoming one of the world's most secure companies out there.
That example, it's not limited to the Glasswing, but also GPT-5.5-Cyber, and we continue to make those investments.
Yeah, it's good stuff. Thank you.
Okay, next up we're going to go to Rudy Kessinger at D.A. Davidson.
Great. Thanks, guys. Congrats on the quarter. I'm curious how you are approaching pricing some of these agent deals in terms of the number of agents. We've heard in some field conversations you guys are doing deals where basically the contract is for an unlimited number of agents. The good thing is, in those deals, I'm hearing that the spend is very high relative to your existing spend on other products. The risk there is what if the customer doesn't get to unlimited agents and there's downside renewal or other things that could happen. How are you approaching that dynamic with customers and factoring it into contracts?
There's no unlimited. If there is unlimited, it's time-bound. There have been some deals where we've done like a year, and then it's like we're going to figure out after a year how the use case really unfolded and how to snap it back to the normal pricing model. It's not unlimited in the sense of time and volume. I think that's just because it is an early market and there are some uses and some environments where there is more experimentation that's needed, and they want to sign a deal, we want to work with them, and so we'll do maybe not a multi-year deal, but a one-year deal in that fashion.
Okay. Next up we're going to go to Ben Bollin at Cleveland.
Thanks, Dave. Good afternoon, everyone. Appreciate the question. Todd, you referenced a bit of a return to fundamentals, in relation to, I think it was Mr. Essex's question on Mythos. Could you talk about how this is influencing the core workforce in CIAM pipelines and the opportunity in particular around CIAM to maybe disintermediate some of the DIY Frankenstein solutions? Thanks.
Yeah, I think the CIAM impact of this is, it's not as big right now as the governance and privilege and access management. Call that core cyber, core cyber hygiene and identity infrastructure, identity security. I think that's getting more pull through at this point, than the CIAM side. I think the CIAM side is coming because I think a lot of agents and agentic workflows right now are internal automation opportunities, but you're going to see better customer experiences, you're going to see better support experiences. That one's actually further along than some of the others, customer support. I think it's going to be a big pull through for CIAM as well. It's like you said, it's the pace of change and the pace of innovation.
Once four of your competitors have a better agentic customer experience, you got to get your experience upgraded quickly. You're not going to have enough time to roll your own there. You're going to have to use a packaged solution. I think that will happen eventually.
It's the top of the hour. We're going to take one more question from Jonathan Ho at William Blair.
Thank you for squeezing me in. You mentioned multiple times the stability that you've seen in sort of your sales workforce with some of the transitions that have happened there with the lower attrit, higher productivity, and pipeline build. I'm just trying to understand how you feel relative to where your go-to-market is today versus historically, and can we see more benefit from this over time? Thank you.
Yeah. We feel very positive on the state of go-to-market right now. We spent a lot of time last year explaining our expectations of the impact of specializing on our buyers for IT security with the Okta platform and developers with the Auth0 platform. You also heard us talk about the importance of continuity and giving people time and territory and time with their accounts and time to ramp into productivity. You've heard over the past few quarters, we've shared our positive view on the improving trends in sales productivity and in AE retention, the inverse of AE attrition. We feel very strongly that that engine is where it needs to be right now. Because of that, we added some selling capacity in Q1. We spoke about that last quarter. We're continuing to lean into the model that we believe is working.
We're optimistic we can continue to see increased retention and increased productivity as people get more and more time within their territories and with the expanding portfolio of products they can bring to their customers as well.
I think we have the right team and the right organization to convert this huge pipeline, and we're excited about doing that.
All right. That's all the time we have. Appreciate it. Before you go, just want to let you know that in addition to hosting onsite and virtual bus tours this quarter, we'll be attending the Evercore TMT Conference on June 3rd in San Francisco, the Nasdaq Conference on June 10th in London, and the FBN Virtual Technology-